exploitDog

CVE-2022-0867

Опубликовано: 16 мая 2022

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Высокий

Описание

The Pricing Table WordPress plugin before 3.6.1 fails to properly sanitize and escape user supplied POST data before it is being interpolated in an SQL statement and then executed via an AJAX action available to unauthenticated users

Ссылки

https://wpscan.com/vulnerability/62803aae-9896-410b-9398-3497a838e494
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/62803aae-9896-410b-9398-3497a838e494
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:reputeinfosystems:pricing_table:*:*:*:*:*:wordpress:*:*

Версия до 3.6.1 (исключая)

EPSS

Процентиль: 99%

0.86618

Высокий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-4fv4-gh87-p496

CVSS3: 9.8

github

больше 3 лет назад

The Pricing Table WordPress plugin before 3.6.1 fails to properly sanitize and escape user supplied POST data before it is being interpolated in an SQL statement and then executed via an AJAX action available to unauthenticated users

EPSS

Процентиль: 99%

0.86618

Высокий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89